asda?‰PNG  IHDR ? f ??C1 sRGB ??é gAMA ±? üa pHYs ? ??o¨d GIDATx^íüL”÷e÷Y?a?("Bh?_ò???¢§?q5k?*:t0A-o??¥]VkJ¢M??f?±8\k2íll£1]q?ù???T
# NOTE(review): the line above is non-Perl residue (PNG chunk markers such as
# IHDR/sRGB/gAMA/pHYs) that precedes the shebang in this capture; it is kept
# verbatim. Its origin cannot be determined from this page.
#!/usr/bin/perl
#WHMADDON:addonupdates:ConfigServer Security&Firewall
###############################################################################
# Copyright 2006-2023, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################
## no critic (RequireUseWarnings, ProhibitExplicitReturnUndef, ProhibitMixedBooleanOperators, RequireBriefOpen)
# start main
#
# Reseller entry point for the csf UI under DirectAdmin. In order, it:
#   1. loads the csf configuration and the reseller privilege table,
#   2. validates the DirectAdmin session file against SESSION_ID/SESSION_KEY,
#   3. checks the executable of an ancestor process via /proc,
#   4. derives REMOTE_USER from the session and checks reseller privileges,
#   5. parses the request into %FORM and hands off to
#      ConfigServer::DisplayResellerUI::main.
use strict;
use File::Find;
use Fcntl qw(:DEFAULT :flock);
use Sys::Hostname qw(hostname);
use IPC::Open3;
use lib '/usr/local/csf/lib';
use ConfigServer::DisplayUI;
use ConfigServer::DisplayResellerUI;
use ConfigServer::Config;
use ConfigServer::Slurp qw(slurp);

our ($reseller, $script, $script_da, $images, %rprivs, $myv, %FORM, %daconfig);

my $config = ConfigServer::Config->loadconfig();
my %config = $config->config;
my $slurpreg = ConfigServer::Slurp->slurpreg;
my $cleanreg = ConfigServer::Slurp->cleanreg;

# Build %rprivs from /etc/csf/csf.resellers. Each line is split on ':' into
# user, alert flag and a comma-separated privilege list; every privilege
# becomes $rprivs{user}{PRIV} = 1 and the alert flag is stored under ALERT.
foreach my $line (slurp("/etc/csf/csf.resellers")) {
	$line =~ s/$cleanreg//g;
	my ($user,$alert,$privs) = split(/\:/,$line);
	$privs =~ s/\s//g;
	foreach my $priv (split(/\,/,$privs)) {
		$rprivs{$user}{$priv} = 1;
	}
	$rprivs{$user}{ALERT} = $alert;
}

my %session;
# SESSION_ID is only concatenated into the session file path when it consists
# purely of word characters, which keeps '/' and '.' out of the file name.
# NOTE(review): '$' also matches before a trailing newline; \A\w+\z is the
# strict form of this check.
if ($ENV{SESSION_ID} =~ /^\w+$/) {
	open (my $SESSION, "<", "/usr/local/directadmin/data/sessions/da_sess_".$ENV{SESSION_ID}) or die "Security Error: No valid session ID for [$ENV{SESSION_ID}]";
	flock ($SESSION, LOCK_SH);
	my @data = <$SESSION>;
	close ($SESSION);
	chomp @data;
	foreach my $line (@data) {
		# NOTE(review): split has no limit, so a value that itself contains
		# '=' keeps only the text up to the second '='.
		my ($name, $value) = split(/\=/,$line);
		$session{$name} = $value;
	}
}
# Fails closed: if SESSION_ID did not pass the check above, %session is empty
# and the request ends here. The session key must equal SESSION_KEY.
if (($session{key} eq "") or ($session{ip} eq "") or ($session{key} ne $ENV{SESSION_KEY})) {
	print "Security Error: No valid session key";
	exit;
}

# getexe() is handed this script's parent pid and returns the pid it parses
# from that process's stat file plus that pid's executable path, so $pexe is
# the executable of an ancestor of this script (apparently the grandparent).
# Anything other than the DirectAdmin binary is rejected.
my ($ppid, $pexe) = &getexe(getppid());
if ($pexe ne "/usr/local/directadmin/directadmin") {
	print "Security Error: Invalid parent";
	exit;
}
# Discard any inherited REMOTE_USER; it is re-derived from the session below.
delete $ENV{REMOTE_USER};
#print "content-type: text/html\n\n";
#foreach my $key (keys %ENV) {
#	print "ENV $key = [$ENV{$key}]\n";
#}
#foreach my $key (keys %session) {
#	print "session $key = [$session{$key}]\n";
#}

# REMOTE_USER is set only when both the session key and the client address
# (REMOTE_ADDR) match the session file; the last '|'-separated entry of the
# session's username field is used.
if (($session{key} ne "" and ($ENV{SESSION_KEY} eq $session{key})) and ($session{ip} ne "" and ($ENV{REMOTE_ADDR} eq $session{ip}))) {
	my @usernames = split(/\|/,$session{username});
	$ENV{REMOTE_USER} = $usernames[-1];
}

$reseller = 0;
# Access requires a non-empty REMOTE_USER that equals CSF_RESELLER and holds
# the USE privilege in csf.resellers; every other case exits.
# NOTE(review): CSF_RESELLER is read from the environment; what sets it is
# not visible in this file - confirm it cannot be influenced by the request.
if ($ENV{REMOTE_USER} ne "" and $ENV{REMOTE_USER} eq $ENV{CSF_RESELLER} and $rprivs{$ENV{REMOTE_USER}}{USE}) {
	$reseller = 1;
} else {
	print "You do not have access to this feature\n";
	exit();
}

open (my $IN, "<", "/etc/csf/version.txt") or die $!;
$myv = <$IN>;
close ($IN);
chomp $myv;

$script = "/CMD_PLUGINS_RESELLER/csf/index.raw";
$script_da = "/CMD_PLUGINS_RESELLER/csf/index.raw";
$images = "/CMD_PLUGINS_RESELLER/csf/images";

# Request parameters come from QUERY_STRING, falling back to the POST
# environment variable. Pairs are split on '&' and '='; '+' becomes a space
# and %XX sequences are decoded in the value only (names are not decoded).
# NOTE(review): every %FORM value is request-supplied and is not validated in
# this file; consumers must treat it as untrusted.
my $buffer = $ENV{'QUERY_STRING'};
if ($buffer eq "") {$buffer = $ENV{POST}}
my @pairs = split(/&/, $buffer);
foreach my $pair (@pairs) {
	my ($name, $value) = split(/=/, $pair);
	$value =~ tr/+/ /;
	$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
	$FORM{$name} = $value;
}

# Load DirectAdmin's name=value settings into %daconfig.
# NOTE(review): this open is unchecked; if it fails, %daconfig stays empty
# without any error being reported.
open (my $DIRECTADMIN, "<", "/usr/local/directadmin/conf/directadmin.conf");
my @data = <$DIRECTADMIN>;
close ($DIRECTADMIN);
chomp @data;
foreach my $line (@data) {
	my ($name,$value) = split(/\=/,$line);
	$daconfig{$name} = $value;
}

my $bootstrapcss = "";
my $jqueryjs = "";
my $bootstrapjs = "";

my @header;
my @footer;
my $bodytag;
# NOTE(review): $FORM{action} is request-supplied and is placed inside a
# single-quoted HTML attribute without escaping. Where $htmltag is emitted is
# not visible in this capture, but the value should be HTML-escaped (or
# checked against the known action names) before it reaches the page.
# $htmltag is cleared below unless STYLE_CUSTOM is enabled.
my $htmltag = " data-post='$FORM{action}' ";
# Optional site branding fragments under /etc/csf. The opens are unchecked;
# the -e test and the open are separate steps.
if (-e "/etc/csf/csf.header") {
	open (my $HEADER, "<", "/etc/csf/csf.header");
	flock ($HEADER, LOCK_SH);
	@header = <$HEADER>;
	close ($HEADER);
}
if (-e "/etc/csf/csf.footer") {
	open (my $FOOTER, "<", "/etc/csf/csf.footer");
	flock ($FOOTER, LOCK_SH);
	@footer = <$FOOTER>;
	close ($FOOTER);
}
if (-e "/etc/csf/csf.htmltag") {
	open (my $HTMLTAG, "<", "/etc/csf/csf.htmltag");
	flock ($HTMLTAG, LOCK_SH);
	$htmltag .= <$HTMLTAG>;
	chomp $htmltag;
	close ($HTMLTAG);
}
if (-e "/etc/csf/csf.bodytag") {
	open (my $BODYTAG, "<", "/etc/csf/csf.bodytag");
	flock ($BODYTAG, LOCK_SH);
	$bodytag = <$BODYTAG>;
	chomp $bodytag;
	close ($BODYTAG);
}
# Without STYLE_CUSTOM all branding, including the data-post attribute built
# above, is discarded.
unless ($config{STYLE_CUSTOM}) {
	undef @header;
	undef @footer;
	$htmltag = "";
	$bodytag = "";
}

# The page header is skipped for tailcmd, logtailcmd, loggrepcmd and any
# action beginning with "cf".
# NOTE(review): the HTML of the print statements in this block was lost when
# the page was captured; the surviving fragments are kept verbatim and are
# not valid Perl as they stand.
unless ($FORM{action} eq "tailcmd" or $FORM{action} =~ /^cf/ or $FORM{action} eq "logtailcmd" or $FORM{action} eq "loggrepcmd") {
	print < ConfigServer Security & Firewall $bootstrapcss $jqueryjs $bootstrapjs \n"; print @header; print <

ConfigServer Security & Firewall - csf v$myv

EOF
}

# Hand the parsed form, script path, image path and version to the reseller
# UI module, which handles the requested action.
ConfigServer::DisplayResellerUI::main(\%FORM, $script, 0, $images, $myv);

# Page footer, skipped for the same actions as the header.
# NOTE(review): the HTML of the first print below was also lost in capture.
unless ($FORM{action} eq "tailcmd" or $FORM{action} =~ /^cf/ or $FORM{action} eq "logtailcmd" or $FORM{action} eq "loggrepcmd") {
	print < \n"; print @footer; print "\n"; print "\n";
}

# getexe($pid): read the first line of /proc/$pid/stat, capture a number from
# it with the regex below, and return (number, readlink of /proc/<number>/exe).
# NOTE(review): the capture appears to be the ppid field (the digits after
# the one-letter state that follows the last ')') - confirm. The open is
# unchecked and $1 is used without testing that the match succeeded, so on a
# failed read or match $1 is whatever an earlier match left behind.
sub getexe {
	my $thispid = shift;
	open (my $STAT, "<", "/proc/".$thispid."/stat");
	my $stat = <$STAT>;
	close ($STAT);
	chomp $stat;
	$stat =~ /\w\s+(\d+)\s+[^\)]*$/;
	my $ppid = $1;
	my $exe = readlink("/proc/".$ppid."/exe");
	return ($ppid, $exe);
}
1;